Cloud Data Centers: Goodbye SAS 70, Hello SSAE 16
When customers and channel partners seek cloud data centers, they often ask about SAS 70 auditing standard. But starting June 15, 2011, the focus started to shift to SSAE 16 — a new standard that seeks to give data center customers and partners more peace of mind. True believers include Online Tech, a data center provider in Michigan.
According to NDB Accountants and Consultants:
“SSAE 16 effectively replaces Statement on Auditing Standards No. 70 (SAS 70) for service auditor’s reporting periods ending on or after June 15, 2011. Two (2) types of SSAE 16 reports are to be issued, a Type 1 and a Type 2. Additionally, SSAE 16 requires that the service organization provide a description of its “system” along with a written assertion by management.”
SAS 70, short for Statement on Auditing Standards No. 70, has been around since 1992. Data centers widely embraced SAS 70 to show customers and partners that they had proper business controls in place.
The replacement, SSAE 16, is short for Statement on Standards for Attestation Engagements (SSAE ) No. 16. SSAE 16 is promoted by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA).
SSAE 16 keeps pace with the “growing push towards more globally accepted international accounting standards,” according to NDB Accountants and Consultants.
True believers in SSAE 16 include Online Tech, which operates data centers in Ann Arbor and Mid-Michigan. A recent audit showed that Online Tech’s data centers comply with SSAE 16. According to a prepared statement from Online Tech, “SSAE 16 provides better alignment with international standards and requires a written assertion from management on the design and operating effectiveness of the data center controls.”
Online Tech also complies with SOC 2 & SOC 3 (Service Organization Control 2 & 3). The standards provide a benchmark by which two data center audits can be compared against each other for security, availability and process integrity, Online Tech asserts.
Talkin’ Cloud will be watching to see if more cloud service providers embrace SSAE 16, SOC 2 and SOC 3.